Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3861
  • Last Modified:

MS Exchange 2003 "454 Temporary EXPS-Authentication failure"


my mail was working fine, then all of a sudden the Routing Group Connection i had between Server A and Server B started queing mail on the connection located on Server A.

I tried to force a connection, but it was in constant retry state.

So i did a telnet to Server B from Server A, initiated a ehlo <domain name> and the following line came back

454 Temporary EXPS-Authentication failure

After doing some research i found the following description on this error, but the solution doesn't seem to fit in with me at all... As all DC's are functioning correctly in our Domain.. i can't find any errors.
"The error message "454 Temporary EXPS-Authentication failure" is emitted by
the exps (exchange protocol-security) sink in Exchange. Usually this means
that the sink is unable to initialize due to DS connectivity/availability
problems. Are you sure you are not receiving a response to EHLO? This
message is returned as a response to the EHLO command by the Exchange
server. If your domain-controller is down, SMTP might seem to hang for a
little while (as it tries to connect to the DS) before it gives up and comes
back with this error.

I would look in the event-log for other errors, but I think this is a DS
connectivity issue. Pull up ldp.exe and make sure you can connect and query
your DC."______________________________________________________________

I have another server, say Server C, which is setup exactely the same as Server B, and i can telnet from Server A to C without any issues..

I can use the helo command, but after doing a mail it kicks me out with the same error from the telnet session.

As it stands, i've had to create a X.400 connection to alow mail to flow, and have freezed the existing RGC.

If someone could help me understand this a little more, that would be appreciated.

  • 3
  • 2
1 Solution
I would remove the Routing Group connector. Then recreate them and see what happens.
You should also ensure that the FQDN on the SMTP virtual server of each machine resolves correctly internally.

Haggard1Author Commented:
Hi Simon,

thanks for the reply, i've already done this.. and checked the FQDN, all seems fine..

I've been told the following, and are leading to believe that there is an issue with the SMTP service, and i may need to reinstall IIS.

Issue - The metabase is not up to date

1.       Open the properties of the Default SMTP virtual server

2.       Change the IP address from <all unassigned> to the specific IP of the server and restart SMTP

3.       This will force an update of the metabase and may resolve your issue.

4.       If a – c does not resolve the problem you may need to re-install IIS and Exchange using the following KB:
How to remove and reinstall IIS and Exchange:

Note: If you can Telnet to the Exchange server and use the HELO verb. Then successfully submit the MAIL FROM command, but are disconnected with this error “425 5.1.0 Dropping connection due to an error on this server”, then you’ll definitely have to re-install IIS and Exchange as the SMTP protocol is damaged!

The last line, about it droping out after a HELO, then mail from is true for my situation..

My only concern is, if i remove and reinstall IIS, will i have to reinstall Exchange completely, or can you get away with removing IIS, and leaving Exchange..? Sounds all a little to risky for my liking!!
You cannot remove IIS without damaging Exchange.
The only officially supported way is the removal of Exchange, then IIS, then the install of both.
It has been known to remove IIS from under Exchange, then reinstall IIS, then reinstall Exchange on top of the existing installation (followed by the relevant service pack). However that is high risk and I wouldn't advise it.

Changing the IP address from all unassigned to the specific IP address, even when there is just one, is something I do as standard when setting up a multiple Exchange site.

If you haven't done that already, I would make that change on all the SMTP virtual servers, then recreate the Routing Group Connectors. The RGCs are odd in that they use the information on the SMTP VS when creating the connector, then use some information from the AD. It can easily catch you out if you aren't careful. If you set the IP address specifically then it doesn't cause as many problems.

Haggard1Author Commented:
Thanks Simon, I'll give that a shot and keep you posted.
Haggard1Author Commented:
Good man, that worked.. Strange however, because as best practise i generally apply the IP address on All 2003 Exchange servers, so anyway, i put it back to original config, restarted the SMTP virtual servers, and bobs your uncle!!

Thanks again
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now